We don't update this page anymore; it became somewhat of a Chinese menu for effects operations. Information is now available for JTRIG staff at [1].

Understanding this page

Tools and techniques are developed by various teams within JTRIG. We like to let people know when we have something that we think we can use,
but we also don't want to oversell our capability.

For this reason, each tool indicates its current status. We may put up experimental tools or ones that are still in development so you know what we are
working on, and can approach JTRIG with any new ideas. But experimental tools by their nature will be unreliable; if you raise expectations or make
external commitments before speaking to us, you will probably end up looking stupid.

Most of our tools are fully operational, tested and reliable. We will indicate when this is the case; however, there can be reasons why our tools won't work
for some operational requirements (e.g. if it exploits a provider-specific vulnerability). There may also be legal restrictions.

So please come and speak to JTRIG operational staff early in your operational planning process.

Current Priorities

Capability Development Priorities can be found by following the link below:
■ CapDev Priorities (Discover)



Engineering



Tool/System | Description | Status | Contacts
Cerberus Statistics Collection | Collects on-going usage information about how many users utilise JTRIG's UIA capability, what sites are the most frequently visited etc. This is in order to provide JTRIG infrastructure and IT Services management information statistics. | OPERATIONAL | JTRIG Software Developers
JTRIG RADIANT SPLENDOUR | is a 'Data Diode' connecting the CERBERUS network with GCNET | OPERATIONAL | JTRIG Software Developers
ALLIUM ARCH | JTRIG UIA via the Tor network. | OPERATIONAL | JTRIG Infrastructure Team
ASTRAL PROJECTION | Remote GSM secure covert internet proxy using TOR hidden services. | OPERATIONAL | JTRIG Infrastructure Team
TWILIGHT ARROW | Remote GSM secure covert internet proxy using VPN services. | OPERATIONAL | JTRIG Infrastructure Team
SPICE ISLAND | JTRIG's new Infrastructure. FOREST WARRIOR, FRUIT BOWL, JAZZ FUSION and other JTRIG systems will form part of the SPICE ISLAND infrastructure |  | JTRIG Infrastructure Team
POISON ARROW | Safe Malware download capability. | DESIGN | JTRIG Infrastructure Team
FRUIT BOWL | CERBERUS UIA Replacement and new tools infrastructure - Primary Domain for Generic User/Tools Access and TOR split into 3 sub-systems. | DESIGN | JTRIG Infrastructure Team
NUT ALLERGY | JTRIG Tor web browser - Sandbox IE replacement and FRUIT BOWL sub-system | PILOT | JTRIG Infrastructure Team
BERRY TWISTER | A sub-system of FRUIT BOWL | PILOT | JTRIG Infrastructure Team
BERRY TWISTER+ | A sub-system of FRUIT BOWL | PILOT | JTRIG Infrastructure Team
BRANDY SNAP | JTRIG UIA contingency at Scarborough. | IMPLEMENTATION | JTRIG Infrastructure Team
WIND FARM | R&D offsite facility. | DESIGN | JTRIG Infrastructure Team
CERBERUS | JTRIG's legacy UIA desktop, soon to be replaced with FOREST WARRIOR. | OPERATIONAL | JTRIG Infrastructure Team
BOMBAYROLL | JTRIG's legacy UIA standalone capability. | OPERATIONAL | JTRIG Infrastructure Team
JAZZ FUSION | BOMBAY ROLL Replacement which will also incorporate new collectors - Primary Domain for Dedicated Connections split into 3 sub-systems. | IMPLEMENTATION | JTRIG Infrastructure Team
COUNTRY FILE | A sub-system of JAZZ FUSION | OPERATIONAL | JTRIG Infrastructure Team
TECHNO VIKING | A sub-system of JAZZ FUSION | DESIGN | JTRIG Infrastructure Team
JAZZ FUSION+ | A sub-system of JAZZ FUSION | DESIGN | JTRIG Infrastructure Team
BUMBLEBEE DANCE | JTRIG Operational VM/TOR architecture | OPERATIONAL | JTRIG Infrastructure Team
AIR BAG | JTRIG Laptop capability for field operations. | OPERATIONAL | JTRIG Infrastructure Team
EXPOW | GCHQ's UIA capability provided by JTRIG. | OPERATIONAL | JTRIG Infrastructure Team
AXLE GREASE | The covert banking link for CPG | OPERATIONAL | JTRIG Infrastructure Team
POD RACE | JTRIG's MS update farm | DESIGN | JTRIG Infrastructure Team
WATCHTOWER | GCNET -> CERBERUS Export Gateway Interface System | OPERATIONAL | JTRIG Software Developers
REAPER | CERBERUS -> GCNET Import Gateway Interface System | OPERATIONAL | JTRIG Software Developers
DIALd | External Internet Redial and Monitor Daemon | OPERATIONAL | JTRIG Software Developers
FOREST WARRIOR | Desktop replacement for CERBERUS | DESIGN | JTRIG Infrastructure Team
DOG HANDLER | JTRIG's development network | DESIGN | JTRIG Infrastructure Team
DIRTY DEVIL | JTRIG's research network | DESIGN | JTRIG Infrastructure Team



Collection



Tool | Description | Contacts | Status
AIRWOLF | YouTube profile, comment and video collection. |  | Beta release.
ANCESTRY | Tool for discovering the creation date of yahoo selectors. | JTRIG Software Developers | Fully Operational.
BEAR TRAP | Bulk retrieval of public BEBO profiles from member or group ID. | JTRIG Software Developers | Fully Operational.
BIRDSONG | Automated posting of Twitter updates. | JTRIG Software Developers | Decommissioned. Replaced by SYLVESTER
BIRDSTRIKE | Twitter monitoring and profile collection. Click here for the User Guide. | JTRIG Software Developers | Fully Operational.
BUGSY | Google+ collection (circles, profiles etc.) | Tech Leads | In early development.
DANCING BEAR | obtains the locations of WiFi access points. | [Tech Lead: , Expert User: ] | Fully Operational.
DEVILS HANDSHAKE | ECI Data Technique. | [Tech Lead: , Expert User: ] | Fully Operational.
DRAGON'S SNOUT | Paltalk group chat collection. | Tech Leads | Beta release.
EXCALIBUR | acquires a Paltalk UID and/or email address from a Screen Name. | JTRIG Software Developers | Fully operational (against current Paltalk version)
FAT YAK | Public data collection from LinkedIn. | [Tech Lead: ] | In development
FUSEWIRE | Provides 24/7 monitoring of vBulletin forums for target postings/online activity. Also allows staggered postings to be made. | JTRIG Software Developers |
GLASSBACK | Technique of getting a target's IP address by pretending to be a spammer and ringing them. Target does not need to answer. | JTRIG Software Developers | Fully operational.
GODFATHER | Public data collection from Facebook. | [Tech Lead: ] | Fully operational.
GOODFELLA | Generic framework for public data collection from Online Social Networks. | [Tech Lead: ] | In Development (Supports RenRen and
HACIENDA | is a port scanning tool designed to scan an entire country or city. It uses GEOFUSION to identify IP locations. Banners and content are pulled back on certain ports. Content is put into the EARTHLING database, and all other scanned data is sent to GNE and is available through GLOBAL SURGE and Fleximart. | NAC HACIENDA Taskers | Fully operational.
ICE | is an advanced IP harvesting technique. | JTRIG Software Developers |
INSPECTOR | Tool for monitoring domain information and site availability. | JTRIG Software Developers | Fully Operational.
LANDING PARTY | Tool for auditing dissemination of VIKING PILLAGE data. | JTRIG Software Developers | Fully operational.
MINIATURE HERO | Active skype capability. Provision of real time call records (SkypeOut and SkypetoSkype) and bidirectional instant messaging. Also contact lists. | JTRIG Software Developers | Fully operational, but note usage restrictions
MOUTH | Tool for collection for downloading a user's files from Archive.org. | JTRIG Software Developers | Fully Operational.
MUSTANG | provides covert access to the locations of GSM cell towers. | [Tech Lead: , Expert User: ] | Fully Operational.
PHOTON TORPEDO | A technique to actively grab the IP address of an MSN messenger user. |  | Operational, but usage restrictions.
RESERVOIR | Facebook application allowing collection of various information. | JTRIG Software Developers | Fully operational, but note operational restrictions.
SEBACIUM | An ICTR developed system to identify P2P file sharing activity of intelligence value. Logs are accessible via DIRTY RAT. | [Tech Lead: , Expert User: ] |
SILVER SPECTER | Allows batch Nmap scanning over TOR | JTRIG Software Developers | In Development
SODAWATER | A tool for regularly downloading gmail messages and forwarding them onto CERBERUS mailboxes | JTRIG Software Developers | Fully Operational.
SPRING BISHOP | Find private photographs of targets on Facebook. | [Tech Lead: ] |
SYLVESTER | Framework for automated interaction / alias management on online social networks. | [Tech Lead: ] | In Development.
TANNER | A technical programme allowing operators to log on to a JTRIG website to grab IP addresses of Internet Cafes. | JTRIG OSO | Replaced by HAVOK.
TRACER FIRE | An Office Document that grabs the target's machine info, files, logs, etc and posts it back to GCHQ. | FIRE JTRIG | In Development.
VIEWER | A programme that (hopefully) provides advance tip off of the kidnappers IP address for HMG personnel. | [Tech Lead: , Expert User: ] | Operational, but awaiting field trial.
VIKING PILLAGE | Distributed network for the automatic collection of encrypted/compressed data from remotely hosted JTRIG projects. | PILLAGE JTRIG Software Developers | Operational
TOP HAT | A version of the MUSTANG and DANCING BEAR techniques that allows us to pull back Cell Tower and WiFi locations targeted against particular areas. | [Tech Lead: ] | In development.


Effects capability

JTRIG develop the majority of effects capability in GCHQ. A lot of this capability is developed on demand for specific operations and then further
developed to provide weaponised capability.

Don't treat this like a catalogue. If you don't see it here, it doesn't mean we can't build it. If you involve the JTRIG operational teams at the start of your
operation, you have more of a chance that we will build something for you.

For each of our tools we have indicated the state of the tool. We only advertise tools here that are either ready to fire or very close to being ready
(operational requirements would re-prioritise our development). Once again, involve the JTRIG operational teams early.



Tool | Description | Status | Contacts
ANGRY PIRATE | is a tool that will permanently disable a target's account on their computer. | Ready to fire (but see target restrictions). | [Tech Lead: ]
ARSON SAM | is a tool to test the effect of certain types of PDU SMS messages on phones / network. It also includes PDU SMS Dumb Fuzz testing. | Ready to fire (Not against live targets, this is a R&D Tool). | [Tech Lead: , Expert User: ]
BUMPERCAR+ | is an automated system developed by JTRIG CITD to support JTRIG BUMPERCAR operations. BUMPERCAR operations are used to disrupt and deny Internet-based terror videos or other material. The technique employs the services provided by upload providers to report offensive materials. | Ready to fire. | JTRIG Software Developers
BOMB BAY | is the capability to increase website hits/rankings. | In Development. |
BADGER | mass delivery of email messaging to support an Information Operations campaign | Ready to fire. | JTRIG OSO
BURLESQUE | is the capability to send spoofed SMS text messages. | Ready to fire. | JTRIG OSO
CANNON BALL | is the capability to send repeated text messages to a single target. | Ready to fire. | JTRIG OSO
CLEAN SWEEP | Masquerade Facebook Wall Posts for individuals or entire countries | Ready to fire (SIGINT sources required) | [Tech Lead: , Expert User: ]
CLUMSY BEEKEEPER | Some work in progress to investigate IRC effects. | NOT READY TO FIRE. | [Tech Lead: , Expert User: ]
CHINESE FIRECRACKER | Overt brute login attempts against online forums | Ready to fire. | FIRECRACKER
CONCRETE DONKEY | is the capability to scatter an audio message to a large number of telephones, or repeatedly bomb a target number with the same message. | In development. | [Tech Lead: ]
DEER STALKER | Ability to aid geolocation of Sat Phones / GSM Phones via a silent calling to the phone. | Ready to fire. |
GATEWAY | Ability to artificially increase traffic to a website | Ready to fire. | JTRIG OSO
GAMBIT | Deployable pocket-sized proxy server | In-development | JTRIG OSO
GESTATOR | amplification of a given message, normally video, on popular multimedia websites (YouTube). |  | [Tech Lead: ]
GLITTERBALL | Online Gaming Capabilities for Sensitive Operations. Currently Second Life. | In development. |
IMPERIAL BARGE | For connecting two target phones together in a call. | Tested. | [Tech Lead: , Expert User: ]
PITBULL | Capability, under development, enabling large scale delivery of a tailored message to users of Instant Messaging services. | In development. |
POISONED DAGGER | Effects against Gigatribe. Built by ICTR, deployed by JTRIG. |  | [Tech Lead: ]
PREDATORS | Targeted Denial Of Service against Web Servers. |  |
ROLLING THUNDER | Distributed denial of service using P2P. Built by ICTR, deployed by JTRIG. |  |
SCARLET EMPEROR | Targeted denial of service against targets phones via call bombing. | Ready to fire. | JTRIG Software Developers
SCRAPHEAP CHALLENGE | Perfect spoofing of emails from Blackberry targets. | Ready to fire, but see constraints. |
SERPENTS TONGUE | for fax message broadcasting to multiple numbers. | In redevelopment. | [Tech Lead: , Expert User: ]
SILENT MOVIE | Targeted denial of service against SSH services. | Ready to fire. | [Tech Lead: ]
SILVERBLADE | Reporting of extremist material on DAILYMOTION. | Ready to fire. | [Tech Lead: ]
SILVERFOX | List provided to industry of live extremist material files hosted on FFUs. | Ready to fire. | [Tech Lead: ]
SILVERLORD | Disruption of video-based websites hosting extremist content through concerted target discovery and content removal. | Ready to fire. | [Tech Lead: , Expert User: ]
SKYSCRAPER | Production and dissemination of multimedia via the web in the course of information operations. | Ready to fire. | [Tech Lead: Section X, Expert Users: Language Team]
SLIPSTREAM | Ability to inflate page views on websites | Ready to fire. | JTRIG OSO
STEALTH MOOSE | is a tool that will disrupt target's Windows machine. Logs of how long and when the effect is active. | Ready to fire (but see target restrictions). | [Tech Lead: , Expert User: ]
SUNBLOCK | Ability to deny functionality to send/receive email or view material online. | Tested, but operational limitations. | [Tech Lead: Section X; Expert User: ]
SWAMP DONKEY | is a tool that will silently locate all predefined types of file and encrypt them on a target's machine. | Ready to fire (but see target restrictions). | [Tech Lead: ]
TORNADO ALLEY | is a delivery method (Excel Spreadsheet) that can silently extract and run an executable on a target's machine. | Ready to fire (but see target restrictions). | [Tech Lead: ]
UNDERPASS | Change outcome of online polls (previously known as NUBILO) | In development. | [Tech Lead: Section
VIPERS TONGUE | is a tool that will silently Denial of Service calls on a Satellite Phone or a GSM Phone. | Ready to fire (but see target restrictions). | [Tech Lead: , Expert User: ]
WARPATH | Mass delivery of SMS messages to support an Information Operations campaign | Ready to fire. | JTRIG OSO



Work Flow Management



Tool | Description | Contacts
HOME PORTAL | A central hub for all JTRIG Cerberus tools | JTRIG Software Developers
CYBER COMMAND CONSOLE | A centralised suite of tools, statistics and viewers for tracking current operations across the Cyber community. | JTRIG Software Developers
NAMEJACKER | A web service and admin console for the translation of usernames between networks. For use with gateways and other such technologies. | JTRIG Software Developers



Analysis Tools



Tool | Description | Contacts
BABYLON | is a tool that bulk queries web mail addresses and verifies whether they can be signed up for. A green tick indicates that the address is currently in use. Verification can currently be done for Hotmail and Yahoo. | JTRIG Software Developers
CRYOSTAT | is a JTRIG tool that runs against data held in NEWPIN. It then displays this data in a chart to show links between targets. | JTRIG Software Developers
ELATE | is a suite of tools for monitoring target use of the UK auction site eBay (www.ebay.co.uk). These tools are hosted on an Internet server, and results are retrieved by encrypted email. | JTRIG Software Developers
PRIMATE | is a JTRIG tool that aims to provide the capability to identify trends in seized computer media data and metadata. | JTRIG Software Developers
JEDI | JTRIG will shortly be rolling out a JEDI pod to every desk of every member of an Intelligence Production Team. The challenge is to scale up to over 1,200 users whilst remaining agile, efficient and responsive to customer needs. | [Tech Lead: , Expert User: ]
JILES | is a JTRIG bespoke web browser. | [Tech Lead: , Expert User: ]
MIDDLEMAN | is a distributed real-time event aggregation, tip-off and tasking platform utilised by JTRIG as a middleware layer. | JTRIG Software Developers
OUTWARD | is a collection of DNS lookup, WHOIS Lookup and other network tools. | JTRIG Software Developers
TANGLEFOOT | is a bulk search tool which queries a set of online resources. This allows analysts to quickly check the online presence of a target. | JTRIG Software Developers
SLAMMER | is a data index and repository that provides analysts with the ability to query data collected from the Internet from various JTRIG sources, such as EARTHLING, HACIENDA, web pages saved by analysts etc. | JTRIG Software Developers



Databases



Tool | Description | Contacts
BYSTANDER | is a categorisation database accessed via web service. | JTRIG Software Developers
CONDUIT | is a database of C2C identifiers for Intelligence Community assets acting online, either under alias or in real name. | JTRIG Software Developers
NEWPIN | is a database of C2C identifiers obtained from a variety of unique sources, and a suite of tools for exploring this data | JTRIG Software Developers
QUINCY | is an enterprise level suite of tools for the exploitation of seized media. | [Tech Lead: , Expert Users: ]



Forensic Exploitation



Tool | Description | Contacts
BEARSCRAPE | can extract WiFi connection history (MAC and timing) when supplied with a copy of the registry structure or run on the box. | [Tech Lead: , Expert User: ]
SFL | The Sigint Forensics Laboratory was developed within NSA. It has been adapted by JTRIG as its email extraction and first-pass analysis of seized media solution. | [Tech Lead: , Expert User: ]
Snoopy | is a tool to extract mobile phone data from a copy of the phone's memory (usually supplied as an image file extracted through FTK). | [Tech Lead: ]
MobileHoover | is a tool to extract data from field forensics' reports created by Celldek, Cellebrite, XRY, Snoopy and USIM detective. These reports are transposed into a Newpin XML format to upload to Newpin. | [Tech Lead: ]
Nevis | is a tool developed by NTAC to search disk images for signs of possible Encryption products. CMA have further developed this tool to look for signs of Steganography | [Tech Lead: ]







Techniques



Tool | Description | Contacts
CHANGELING | Ability to spoof any email address and send email under that identity | JTRIG OSO
HAVOK | Real-time website cloning technique allowing on-the-fly alterations | JTRIG OSO
MIRAGE |  | JTRIG OSO
SHADOWCAT | End-to-End encrypted access to a VPS over SSH using the TOR network | JTRIG OSO
SPACE ROCKET | is a programme covering insertion of media into target networks. CRINKLE CUT is a tool developed by ICTR-CISA to enable JTRIG track images as part of SPACE ROCKET. | [Tech Lead: , Expert User: ]
RANA | is a system developed by ICTR-CISA providing CAPTCHA-solving via a web service on CERBERUS. This is intended for use by BUMPERCAR+ and possibly in future by SHORTFALL but anyone is welcome to use it. | [Tech Lead: , Expert User: ]
LUMP | A system that finds the avatar name from a SecondLife AgentID | JTRIG Software Developers
GURKHAS SWORD | Beaconed Microsoft Office Documents to elicit a target's IP address. | JTRIG Software Developers



Shaping and Honeypots



Tool | Description | Contacts
DEADPOOL | URL shortening service | JTRIG OSO
HUSK | Secure one-to-one web based dead-drop messaging platform | JTRIG OSO
LONGSHOT | File-upload and sharing website | JTRIG OSO
MOLTEN-MAGMA | CGI HTTP Proxy with ability to log all traffic and perform HTTPS Man in the Middle. | JTRIG Software Developers
NIGHTCRAWLER | Public online group against dodgy websites | JTRIG OSO
PISTRIX | Image hosting and sharing website | JTRIG OSO
WURLITZER | Distribute a file to multiple file hosting websites. |


